COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-38813

CVE-2024-38813

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-11-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-38813
⌖ exploited in the wild shame 50/100 exploited-in-wild

VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet.

Players implicated

VMware, Inc. · vendorvCenter Server · product

Description

VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet.

Affected FedRAMP products 2 in the catalog

ProductProviderStatusMatch
VMware Government Services (VGS) VMware, Inc. Authorized vendor-exact · 0.90
Workspace ONE VMware, Inc. Authorized vendor-exact · 0.90